Introduction
This article explains how to secure APIs using an SSL certificate.
Audience
Readers of this article are assumed to know how to set up APIs on API Gateway.
Prerequisites
- Configure the API at API Gateway.
- Create an application and associate the API with the application.
- Refer to the following link to create an API: https://github.com/SoftwareAG/webmethods-api-gateway
- In this case, the API configured at API Gateway is “b2binboundchannel”.
- An SSL certificate and private key.
Configure Certificate at nginx
- API Gateway is layered with nginx, so the certificate must also be configured at the nginx level.
Verify Ciphers
- Validate the SSL ciphers configured at API Gateway and at the partner side.
- The ciphers at both ends must match for a transaction to succeed.
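One way to run this cipher check offline, as an added example that is not part of the original article: it expands the cipher string from each end and lists the suites both accept. It assumes both lists are written as OpenSSL cipher strings (the format of the nginx `ssl_ciphers` directive); the two sample strings are constructed, and names given in Java/IANA form must be translated to OpenSSL names first.

```python
import ssl

# Constructed sample values in OpenSSL cipher-string format (assumption:
# this is how the lists are written at nginx and at the partner).
GATEWAY_CIPHERS = "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384"
PARTNER_CIPHERS = "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384"


def expand_cipher_string(cipher_string):
    """Expand an OpenSSL cipher string into suite names (TLS 1.2 and earlier).

    The result depends on the OpenSSL build linked into this Python.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        ctx.set_ciphers(cipher_string)
    except ssl.SSLError:
        return []  # the string selects no usable suite
    # OpenSSL lists its TLS 1.3 suites regardless of this string; they are
    # configured separately, so they are left out of the comparison.
    return [c["name"] for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"]


def common_ciphers(gateway_string, partner_string):
    """Suites accepted by both ends, in the gateway side's preference order."""
    partner = set(expand_cipher_string(partner_string))
    return [n for n in expand_cipher_string(gateway_string) if n in partner]


def report(gateway_string, partner_string):
    """Return a short text report of the overlap between the two ends."""
    common = common_ciphers(gateway_string, partner_string)
    if not common:
        return "NO COMMON CIPHER for TLS 1.2 and earlier"
    return "Common ciphers: " + ", ".join(common)


if __name__ == "__main__":
    print(report(GATEWAY_CIPHERS, PARTNER_CIPHERS))
```

Run it with an OpenSSL version close to the one on the server being checked, since keyword strings such as `HIGH` expand differently between builds.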
Configure Certificate at API Gateway
- Log in to API Gateway.
- Create the application at API Gateway.
- Import the public certificate.
- In this case, a self-signed certificate is uploaded to the application.
Configure the policy
- Open the API.
- Navigate to Policies.
- Click on the Identify & Access policy.
- Select Identify & Authorize Application.
- Select SSL Certificate and select the registered application from the application lookup drop-down menu.
Test Using Postman Client
- Configure the certificates in the Postman client.
Verify the logs at API Gateway
- Navigate to API Gateway.
- Open the API; in this case, it is b2binboundchannel.
- Navigate to the Analytics tab.
- The transaction log contains the details of the certificate that was sent along with the request.
Note: The self-signed certificates used for this case are attached.
Certificates.zip (2.55 KB)